package com.gouqi.tools.realm;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.springframework.util.DigestUtils;

public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    private static final String SALT = "gouqi-tools";

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        String credentials = String.valueOf((char[]) token.getCredentials());
        //获得前端传过来的密码
        String originalPassword = DigestUtils.md5DigestAsHex((SALT + credentials).getBytes());
        //这是数据库里查出来的密码
        String sqlOriginalPassword = info.getCredentials().toString();
        //进行比对，BCrypt工具类
        return originalPassword.equals(sqlOriginalPassword);
    }
}
